CITECT has responded to
allegations of security problems in its SCADA solution by telling customers they are unlikely to be at risk if their systems are protected by industry-standard security guidelines.
The potential security breaches found by Core Security Technologies were limited to Windows-based control systems utilising ODBC technology. However, they were only exploitable if the control systems were connected to the Internet without any security in place.
Citect and other SCADA and Control vendors say they have been warning clients of the security risks of connecting their systems to the internet for some time, and such behaviour was unlikely in today’s business environment.
The company says it prioritises its customers’ security, and is contacting clients globally to confirm they have followed the recommended network security measures. They have also developed a patch for the problem.
SCADA systems, like any business systems should be protected from unauthorised access. These protections could include firewalls, intrusion detection systems and virtual private networks. Citect says it has a
whitepaper to educate customers on network security.
